ORDER FOR SUPPLIES OR SERVICES 



IMPORTANT: Mark all packages and papers with contract and/or order numbers.



BPA NO. FERC-12-A-0455






PAGE OF PAGES 



1. DATE OF ORDER

09-10-2012 



2. CONTRACT NO. (If any)
GS35F0306J 



3. ORDER NO. 

FERCT12- 0002 



MODIFICATION NO.

4. REQUISITION/REFERENCE NO.

See SCHEDULE



5. ISSUING OFFICE (Address correspondence to) 

Federal Energy Regulatory Commission 
Procurement Division 
Attn : 

888 First Street, NE, Room 4J 
Washington DC 20426 



a. NAME OF CONSIGNEE 

Federal Energy Regulatory Commission 



b. STREET ADDRESS
Warehouse P-l 
Attn: 

888 First Street, NE, Warehouse P-l 



c. CITY 

Washington 



d. STATE 
DC 



e. ZIP CODE
20426 



7. TO:



a. NAME OF CONTRACTOR 

BOOZ ALLEN HAMILTON INC. 



8. TYPE OF ORDER 



b. COMPANY NAME 



c. STREET ADDRESS 

8283 GREENSBORO DR 



d. CITY 
MCLEAN 



e. STATE
VA 



f. ZIP CODE
221024904 



□ 



a. PURCHASE 



REFERENCE YOUR 

Please furnish the following on the terms and 
conditions specified on both sides of this order 
and on the attached sheet, if any, including 
delivery as indicated. 



b. DELIVERY 



Except for billing instructions on the reverse, this 
delivery order is subject to instructions 
contained on this side only of this form and is 
issued subject to the terms and conditions 
of the above-numbered contract. 



9. ACCOUNTING AND APPROPRIATION DATA

See CONTINUATION Page



10. REQUISITIONING OFFICE ISS 



11. BUSINESS CLASSIFICATION (Check appropriate box(es))
[ ] a. SMALL
[X] b. OTHER THAN SMALL
[ ] c. DISADVANTAGED
[ ] d. WOMEN-OWNED
[ ] f. SERVICE-DISABLED VETERAN-OWNED
[ ] g. WOMEN-OWNED SMALL BUSINESS (WOSB) ELIGIBLE UNDER THE WOSB PROGRAM
[ ] h. EDWOSB



12. F.O.B. POINT 

N/A 



a. INSPECTION 



13. PLACE OF 



b. ACCEPTANCE 



14. GOVERNMENT B/L NO. 



15. DELIVER TO F.O.B. POINT 
ON OR BEFORE (Date) 



16. DISCOUNT TERMS 



17. SCHEDULE (See reverse for Rejections) 



See CONTINUATION Page 



ITEM NO. (a)
SUPPLIES OR SERVICES (b)
QUANTITY ORDERED (c)
UNIT (d)
UNIT PRICE (e)
AMOUNT (f)
QUANTITY ACCEPTED (g)

$0.00
$0.00
$0.00
$0.00
$0.00
$0.00
$0.00
$0.00
$0.00
$0.00



SEE BILLING INSTRUCTIONS ON REVERSE



18. SHIPPING POINT



19. GROSS SHIPPING WEIGHT



20. INVOICE NO. 



21. MAIL INVOICE TO:



a. NAME

Federal Energy Regulatory Commission 
Division of Financial Services 



b. STREET ADDRESS (or P.O. Box)

Attn: Payment/Invoice 

888 First Street, NE, Room 42-71 



PHONE: 
FAX: 



c. CITY 

Washington 



d. STATE 
DC 



e. ZIP CODE 
20426 



$81,807.96 



17(h). TOTAL (Cont. pages)

17(i). GRAND TOTAL



22. UNITED STATES OF AMERICA
BY (Signature) 






23. NAME (Typed)

Shirley Ruiz-Lundgren 

TITLE: CONTRACTING/ORDERING OFFICER 



AUTHORIZED FOR LOCAL REPRODUCTION 
PREVIOUS EDITION NOT USABLE 



OPTIONAL FORM 347 (REV. 2/2012) 
PRESCRIBED BY GSA/FAR 48 CFR 53.213(f) 



A.1 Price/Cost Schedule



Item Information 



ITEM NUMBER: 00002
DESCRIPTION OF SUPPLIES/SERVICES: Technology - Provide a detailed description of recommended hardware, software, and services to be used to execute the solution. If multiple options are being recommended, a detailed description of each platform will be provided including associated risks with each option.
QUANTITY: 1.00
UNIT: ea
UNIT PRICE: $55,108.8600
AMOUNT: $55,108.86
Funding/Req. Number: 1   $55,108.86   0000027043

ITEM NUMBER: 00003
DESCRIPTION OF SUPPLIES/SERVICES: Use Cases - Provide document use cases that clearly demonstrate how the recommended solutions will satisfy the business requirements as defined for each individual assessment.
QUANTITY: 1.00
UNIT: ea
UNIT PRICE: $3,551.2200
AMOUNT: $3,551.22
Funding/Req. Number: 1   $3,551.22   0000027043

ITEM NUMBER: 00005
DESCRIPTION OF SUPPLIES/SERVICES: Federal Agency Examples - Provide a list of two or more other federal agencies that are currently using the proposed solutions. Provide references and/or contacts for each example.
QUANTITY: 1.00
UNIT: ea
UNIT PRICE: $3,551.2200
AMOUNT: $3,551.22
Funding/Req. Number: 1   $3,551.22   0000027043

ITEM NUMBER: 00007
DESCRIPTION OF SUPPLIES/SERVICES: Cost Estimate - Each solution that is proposed will contain a complete cost estimate that includes estimated costs to procure, license and implement all hardware, software, and services recommended in the assessment.
Period of Performance for all CLINs contained herein is from: September 13, 2012 - October 12, 2012
Work to be performed in accordance with proposal dated 8/23/12; hereby referenced
QUANTITY: 1.00
UNIT: ea
UNIT PRICE: $19,596.6600
AMOUNT: $19,596.66
Funding/Req. Number: 1   $19,596.66   0000027043

GRAND TOTAL $81,807.96



Accounting and Appropriation Data 







ACRN: 1
APPROPRIATION: X0212-9121680000-25105-6100-UN-DEFAULT-00026— -
REQUISITION NUMBER: 0000027043
AMOUNT: $81,807.96







INTRODUCTION 



To support the mission of FERC, the DCIO will be investing in Data Loss Prevention (DLP) technology to support business 
needs and enhance the Commission's IT security capability. In addition to developing continuous monitoring program 
strategies to facilitate situational awareness, new initiatives at the Commission such as telework, cloud-based 
infrastructure, and location independence are some of the drivers for adding DLP technology to the FERC's IT roadmap. 



1. BACKGROUND 



FERC will need to invest in new technology for Data Loss Prevention (DLP) in FERC's enterprise networks, and prospective 
cloud-based interface networks. As technologies are advancing or being invented at a rapid pace, FERC has realized a 
need to procure the services of a technical advisor to help assess business objectives in relation to available solutions that 
are designed to prevent, detect and deter data loss or leakage, and minimize the potential exposure of FERC's 
information systems from damages (i.e., loss of sensitive or confidential information, public image, and critical internal 
resources). 

2. PURPOSE 



The purpose of this task order is to obtain a contractor who is an expert in IT security architecture and data loss 
prevention. The contractor will be responsible for reviewing and understanding FERC's current enterprise architecture 
and operating environment, and recommend data loss prevention (DLP) solution(s). FERC employees and contractors 
operate with sensitive legal data and Critical Energy Infrastructure Information (CEII). This includes Personally 
Identifiable Information (PII), sensitive information, Non-public Personal Information (NPI) and other datasets pertaining 
to data privacy and protection regulations and laws. As a regulatory body, the FERC's mission also includes case 
management, with some cases containing up to 100,000 sensitive documents. Additionally, FERC has a requirement 
that a DLP solution work in conjunction with cloud-based email and document collaboration environments, including 
Google Apps, Google Message Security (GMD), and Google Message Discovery (GMD). 

3. OBJECTIVE/APPROACH/TASKS



The Contractor shall provide professional, administrative, and technical services in support of the preparation and delivery 
of the analysis and assessment. The contractor shall complete the following task and document: 

1. DLP Solutions Recommendation 

The contractor shall recommend DLP solutions that support the FERC current enterprise architecture, which includes a 
cloud-based Email and Document Classification Software to support legal, compliance and information sharing 
requirements. A document detailing the recommended solutions shall include, but is not limited to the following: 

1. DLP Solutions Features 

2. Data At Rest 

3. Data In Transit 

4. Data Loss Prevention Notification and Reporting System 

5. Effective and Accurate Detection and Reports on Attempted Breaches involving unauthorized Data 

6. Interoperability with desktop email scanning modules and components 

7. Prevention of emails from being sent to unauthorized recipients 

8. Supporting of classification of inbound and outbound emails that may be sent to or from the enterprise with data 
classification information 

9. Detailed and Accurate Reporting, Notification Features, and Prevention Options 

10. Monitoring and Traceability Features 

11. Traceable Evidence for Digital Forensics 

12. Regulatory Compliance - Multiple Compliances - Global Compliance: Critical Infrastructure Information (CII);
Critical Energy Infrastructure Information (CEII); NIST 800-53A, Rev. 3; NIST 800-60; NIST SP 800-34;
FISMA, OMB M-06-16, and M-07-16, FIPS 140-2 encryption for all sensitive data within the DLP system, Data
Protection and Privacy; US-EU, Safe Harbor, ISO 27001/2; Industry Standards and Best Practices for DLP

13. Multiple Systems - File integrity, protocols, nodes, network, applications, databases, Meta Data Management
(MDM), SOA

14. Industry and Global Best Practices for Security for Data Loss or Leak Prevention and Data Protection and Privacy 

15. Able to Encrypt Multiple File Types: .doc, .rtf, .xls, .pdf, etc.

16. DELIVERABLES 

The Contractor shall provide an assessment in a report that captures all elements identified in section 4 of this SOW.
Included in this deliverable are recommendations for potential DLP solutions that fit FERC's architecture and mission 
requirements. The Contractor shall also provide a roadmap that FERC could follow to successfully implement a DLP 
solution. 



The Assessment Deliverables shall include: 

1. Kick-off meeting

2. Project Schedule 

3. Status Meetings 

1. Provide meeting minutes for all meetings 
1. Conduct discovery sessions as required to clarify technical and business process questions
2. Provide draft and final recommendations document on specific DLP solutions that could be integrated with FERC's 
current architecture and operational environment. The recommendation shall include: 

1. Defined Options for hardware, software and services 

2. Timelines for each option if significant differences exist between options 

3. Cost estimates that include details for recommended hardware, software, and services that lists cost to 
implement and to maintain 



4. SCHEDULE OF DELIVERABLES 



The following schedule of milestones will be used to monitor timely progress on the task order. In this schedule FERC will 
designate "Date of Award". The number of days referenced below is in calendar days unless otherwise noted. 



Milestone/Deliverable                               Planned Completion/Due Date
Kick-off Meeting                                    5 calendar days after award
Project Schedule                                    5 calendar days after award
Status Reports                                      To be determined/per need basis
Complete Assessment and Supporting Documentation    30 calendar days after award



Federal Energy Regulatory Commission BLANKET PURCHASE AGREEMENT



SECTION B - GENERAL TERMS 



B.1 FSS-BPA TERMS AND CONDITIONS

This order is subject to the terms referenced in BPA FERC-12-A-0455 and the General Services Administration (GSA) 
Federal Supply Schedule Contract # GS35F0306J. 

CONTRACTING OFFICER REPRESENTATIVE (COR) LEVEL I APPOINTMENT 



Salma Mack has been appointed as the Contracting Officer's Representative (COR) Level I for this Contract with 
responsibility for technical oversight, contract administration and day-to-day inspection of the work. The appointment will 
be in effect until final completion of the project, or when terminated or superseded by the Contracting Officer. The COR will 
accomplish inspection and acceptance, including final delivery. Services shall conform to the requirements set forth in the 
contract. 

Salma Mack 

Federal Energy Regulatory Commission 
888 First Street, NE Washington, DC 20426 
202-502-6395 
salma.mack@ferc.gov